CVE-2025-50861

Medium CVSS 6.5

Overview

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a risk of unintended access to application internals and can cause denial of service or logic abuse.

CWE: CWE-284 Published: 2025-08-14T20:15:31.910

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.5 (MEDIUM)
Detected tags: dos, unauth_access (tag impact: HIGH)

Recommended actions:

Rate limiting, resource quotas and circuit breakers.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags